Patent-Pending Capability Leverages eBPF to Extend Protection to Egress, “East/West” Traffic; Supports Transition from Legacy to Cloud Environments  

ThreatX, the top platform for protecting APIs and applications, has just released ThreatX Runtime API & Application Protection (RAAP). Without hampering developers or requiring knowledge of cloud-native applications, this patent-pending capability extends threat detection, tracking, and blocking to customers’ runtime environments.

Attackers look for new ways to access sensitive data as organisations move apps and workloads to the cloud, frequently across multi-cloud environments. Even though the Log4Shell vulnerability alerted people to runtime threats, closing these holes is not as simple as it sounds. Organizations can address a wide range of risks to runtime environments with ThreatX RAAP, including insider threats, malware, web shells, remote access software, code injections and modifications, malicious rootkits, and remote access software.

Gene Fay, CEO of ThreatX, stated that the CISOs he meets with “make it clear that they need fewer standalone tools and better ability to protect their APIs and applications across both legacy and cloud-native environments.” “We are thrilled to enable these new capabilities and provide our customers with the tools to confidently block attacks in real-time, from the edge to runtime,” the company said.

Within a Kubernetes environment, the ThreatX RAAP solution is simply deployed as a sidecar container. ThreatX RAAP enables deep network flow and system call inspection, process context tracing, and advanced data collection, profiling, and analytics by utilising extended Berkeley Packet Filter (eBPF) technology. ThreatX RAAP inspects network traffic on any host or node using eBPF without the need for an in-line deployment.

ThreatX RAAP can be used independently or in conjunction with the ThreatX API & Application Protection – Edge solution to address runtime environments. These tools can be used in conjunction to detect, track, and block threats to APIs and applications from all angles.

Other benefits of the ThreatX RAAP solution include:

• Block risky transactions, like attempts at data espionage and excessive data exposure.
• Protect internal network traffic, including virtual networks and subnets (i.e., east-west traffic).
• Utilize transparent TLS inspection to stop malware that is hidden within encrypted data without interfering with communications integration or confidentiality.
• Through ThreatX’s risk-based blocking functionality, massive alert fatigue caused by other security tools can be drastically reduced.

Andrius Useckas, co-founder and chief technology officer at ThreatX, said, “As we explored ways to extend our ability to block, it was important we enabled customers to cover runtime environments, and to do so in a way that was painless for both security and developers.” We can offer all of this and more thanks to eBPF. We think that this cloud-native capability will provide many future benefits in addition to significantly enhancing companies’ API and application protection today.